Networking

Port Scanning 
Powershell Ping Sweep
1..20 | % {"192.168.1.$($_): $(Test-Connection -count 1 -comp 192.168.1.$($_) -quiet)"}
Powershell Testing ports
Test-NetConnection -computername UFC-WEBPROD -Port 80
Port Forwarding 
# Listen address is local ip of machine that will be proxy, connect address is target
netsh interface portproxy add v4tov4 listenaddress=192.168.250.10 listenport=443 connectaddress=192.168.250.22 connectport=443
Firewalls
Listing Rules
netsh firewall show opmode
Disabling Firewall
netsh firewall set opmode mode=disable
Allowing Rule 
​
Enabling PsRemoting (WinRM)
​
Enabling CredSSP
​
Hyper-V
Listing VMs
Get-VM
Get Info on Running VMs
# Show properties
get-vm -name vault-db |format-list *
​
# Get IP
get-vm -Name vault-db | Select -ExpandProperty Networkadapters
Manage VMs
# Pass creds as object
$username = "<domain>\<username>"
$password = ConvertTo-SecureString "<password>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password)
​
# Invoke Command on a VM using creds
invoke-command -vmname <vmname> -credential $cred -scriptblock {whoami}
​
# Enter-PSSession
Enter-PSSession -VMName <vmname> -Credential $cred
Mounting VM Disk Image
# Stop VM
Stop-VM -Name vault-dc
​
# Mount VM and list partition
Mount-VHD -Path 'C:\Users\Public\Documents\Hyper-V\Virtual hard disks\vault-dc.vhdx' -PassThru | Get-Disk | Get-Partition | Get-Volume
​
# Show drives
Get-PSDrive
SMB Null Session
enum4linux -n <IP>
enum4linux -a <IP>
​
# connect with smbclient and list shares
smbclient -L WORKGROUP -I <IP> -N -U ""
​
# Connect to shares
smbclient \\\\<IP>\\<SHARE> -N
​
# download
get <FILE>
​
# Upload
put <FILE>
Windows - Previous
Persistance
Next - Active Directory
Offensive Powershell
Last updated 3 months ago